CLOUD VS. COMPLIANCE: WHO WINS?

By Garry Sidaway, Global Director of Security Strategy, NTT Com Security

Cloud adoption continues to grow in the finance and banking industry. Organisations of all sizes are quickly realising the benefits of using the cloud and how it can help them become more agile, efficient and competitive.

According to the Cloud Industry Forum, over 75 per cent of UK businesses will be using at least one cloud service formally by the end of 2013, and 80 per cent of current cloud users will have increased their spending in this area.

The cloud doesn’t naturally work well with compliance though. Compliance is proving a setback for many IT professionals looking to embrace, or experiment with, the cloud. In a nutshell, compliance in the cloud does not work. Both cultures have entirely different agendas. Ultimately, the cloud seeks to propel a business forward, yet compliance seeks to restrain it.

This restriction is putting businesses off adopting cloud services, according to a recent research report commissioned by NTT Com Security. It found that, when it came to being compliant, businesses around the globe were wary of using the cloud. A worrying 86 per cent admitted that issues around data protection, legislation and regulation are responsible for cloud computing being adopted more slowly than they would like.

The growing challenges of legislation, regulation and compliance are all playing their part in this. Businesses only need to look at the latest publicity surrounding the NSA and PRISM revelations, and at the compliance, data sovereignty laws and regulatory requirements from authorities like the Information Commissioner’s Office (ICO).

These increasingly complex data laws are becoming something of a minefield for businesses looking to transform the way they operate using the cloud.

Match rules

We have used compliance to improve business and corporate governance, which is really important given what has happened in the last few years. It has also helped to improve approaches to risk management, enabling businesses to understand what their risks are and what processes and measures they have in place to protect themselves.

Compliance now needs to look forward and work with businesses and governments. In the age of the cloud, IT professionals are faced with a myriad of laws. They are:

  • ICO’s Guidelines: the security responsibility is on the business owning the data, instead of the third party cloud provider. The authority has the ability to fine a company up to £500,000 if it violates the Data Protection Act.
  • Data Protection Directive of 1995 (46/EC) & Internet Privacy Law of 2002 (58/EC): organisations are required to notify data owners if their personal data is being collected, secure data from potential abuses, and only share data with the subject’s consent.
  • PCI DSS (Payment Card Industry Data Security Standard): businesses selling online must consider this standard. It states they must protect card data from logical or physical access, and use access controls to separate the duties between administrators and users who access credit card numbers.

A truce

The cloud and compliance can get along, but it’s time for them to put aside their differences and for companies to go back to basics.

Many organisations are making assumptions about the skills required to develop, design and deliver secure cloud services. At the moment, too many businesses are trying to apply risk procedures, controls and regulations to a cloud business model that they don’t truly understand.

Old world compliance methodologies are wrongly being applied to new world business models – only for businesses to soon realise that they can’t use the cloud effectively because of compliance. What they need to do instead is better understand the cloud before applying these controls. The same applies for cloud providers, as they need to embed security into their services.

IT professionals who do understand the correct way to merge the cloud and compliance come from a different perspective. Their priority is to acquire good cloud skills first, and those companies hesitant about adopting the cloud should follow suit. Only when armed with the right knowledge can businesses explore the technology and how it can improve business operation, and apply the necessary controls to manage risk.

Cloud and compliance are not easy bedfellows, but they can be seen to work together, meaning businesses win the battle. The key is for good knowledge of security and risk management to be at the top of every organisation’s cloud skills wish list.

About NTT Com Security
NTT Com Security (formerly Integralis) is a global information security and risk management organisation, which delivers a portfolio of managed security, business infrastructure, consulting and technology integration services through its WideAngle brand. NTT Com Security helps organizations lower their IT costs and increase the depth of IT security protection, risk management, compliance and service availability. NTT Com Security AG is headquartered in Ismaning, Germany and part of the NTT Communications Group, owned by NTT (Nippon Telegraph and Telephone Corporation), one of the largest telecommunications companies in the world. For more information, visit http://www.nttcomsecurity.com.
